Certificate-based encryption and public key infrastructure

Abstract

The present invention provides methods for sending a digital message from a sender (606) to a recipient (608) in a public-key based cryptosystem comprising an authorizer (606). The authorizer can be a single entity (606) or comprise a hierarchical or distributed entity (602, 604a-604b). The present invention allows communication of messages by an efficient protocol, not involving key status queries or key escrow, where a message recipient (608) can decrypt a message from a message sender (606) only if the recipient (608) possesses up-to-date authority from the authorizer. The invention allows such communication in a system comprising a large number (e.g. millions) of users.

Description

RELATED APPLICATIONS

[0001] This application claims the benefit of U.S. provisional patent applications Ser. No. 60 / 406,721, filed Aug. 28, 2002, and 60 / 412,221, filed Sep. 20, 2002, the entire contents of which are fully incorporated herein by this reference.BACKGROUND OF THE INVENTION

[0002] The present invention relates in general to cryptography and secure communication via computer networks or via other types of systems and devices, and more particularly to an improved method of implementation of public-key cryptography.

[0003] A user of a public-key cryptography based communication system communicates with another user by means of two different keys, a public key and a private key. A user's public key and private key form a public key / private key pair. A message sender communicates securely with a message recipient by encrypting a message using the recipient's public key. The sender then sends the message to the recipient who decrypts the message using the recipient's private ...

Images